Cybersecurity · The AI Attack-Defense Landscape · Jul 2026

AI is a double-edged sword — it arms the attacker and the defender at once, yet the fundamentals still absorb 80% of the risk

"Nine in ten breaches start with a phishing email — you can patch a vulnerability, you can't patch human nature."
"AI is an amplifier, not a foundation replacement — MFA + patching + backups still absorb 80% of the risk."

Five maps: the dual-track kill chain (recon → initial access → foothold → privilege → lateral → persistence → exfiltration, red vs blue at every stage), the Security-for-AI column (AI itself as a new attack surface), the fundamentals ROI ladder, the global × China vendor arena (the M&A wave), and the opportunity-and-minefield matrix filterable by role. Deepfakes overlap with the news map — that one covers information warfare, this one covers deepfakes as the attack chain for financial fraud and social engineering.

Offensive AI
Defensive AI
Security for AI
The fundamentals
Traditional
80%
Risk absorbed by fundamentals (phishing-resistant MFA + patching + immutable backups) — CIS's top-5 controls stop 85%+ of known techniques, Microsoft's basic hygiene stops 99% of common attacks; AI amplifies, it isn't the foundation
12
Median time-to-exploit (TTE) after disclosure (32 days back in 2021) — AI compresses patch-to-exploit to hours; median time for a user to fall for phishing is under 60 seconds
$32B
Google's acquisition of Wiz — the largest cybersecurity deal ever; stacked on Palo Alto's $25B for CyberArk, the platform-consolidation wave has absorbed nearly every AI-security startup
82
Machine identities per human (CyberArk 2025), 42% with privileged access — "the AI agent is the ultimate privileged user"; identity is the new perimeter
Basis warning: AI phishing efficacy diverges wildly by source (click rate 54% [全景] ↔ 11% vs 14% human [compass], a 5x gap — shown side by side, no single value taken); vendor-claimed efficiency figures (QiAnXin 60x / Sangfor 96.6% / CrowdStrike 98% / Microsoft 550%) carry a ⚑ "vendor claim" flag, unverified by third parties; GTG-1002's "autonomous state-level AI attack" is Anthropic's sole disclosure with a model that exaggerates and fabricates; the "fully autonomous attack chain" hasn't materialized (Google: "no breakthrough capability observed"); IDC's 2028 forecast is a projection, not fact.
Reading the Map

Five patterns this map makes visible